This week I passed the Certified Red Team Operator (CRTO) exam by RastaMouse from ZeroPointSecurity. Overall, this was a great follow-up to OSCP, because it took my Active Directory knowledge further and allowed me to practice with a real C2. It was well worth the money and every part of it was incredibly enjoyable. I highly recommend this course and exam to anyone interested in learning the fundamentals of red teaming and I’m publishing this to share my impressions and experiences with it.
My OSCP journey is finally over and I have a lot of people to thank for inspiring me to finish it. Most of all I have Dylan to thank. I highly recommend you check out his blog and see his own journey. This article is intended to have all the information about OSCP that I wish I had when I first started studying for it. I’ve tried a large number of popular study materials and I review each one of them here, as well as share miscellaneous tips and opinions about the exam.
Less than a year after passing the Security+, I can finally proudly say that I passed CySA+ as well. I set my sights on this exam the same day I passed the Security+ and I focused on studying for it extensively over the past two months. I passed it with 845 out of 900 and was really surprised at how well it went despite the fact that CompTIA recommends you to have 3-4 years of technical experience minimum. I’ve got 0. I have no IT or Security work experience, but what I do have is determination and the will to succeed. If such an underqualified 20 year old could pass this exam thanks to those two things, you can as well. The purpose of this blogpost is to share some of the things I found helpful during my studies for it. I explored a diverse range of study materials and I will tell you which ones worked for me and which ones didn’t.
Security+ is an industry standard certfication that is very popular and held in high regard. CompTIA recommends you to have an Network+ level of knowledge combined with two years of IT administration experience with a focus in Security before you go for this exam, but that is nothing more than a recommendation. You can easily pass this exam with no IT work experience and without a Network+ behind you. I did and so can you. I initially passed this exam in December of 2018, but over time i realized that my tips and tricks were too surface-level, so i rewrote my blogpost entirely with extra information for you. I hope you find it at least remotely useful.